server: implement more advanced CORS handling

[frankie567]

The goal is to allow external API callers to be able to do so in a cross-origin scenario but only with the Authorization header and a proper token: cookie authentication should be blocked for them and allowed only for our own allow-listed origins.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

2 Ignored Deployments

Name	Status	Preview	Comments	Updated (UTC)
polar	⬜️ Ignored (Inspect)	Visit Preview		Jun 25, 2024 10:15am
polar-next-js-example	⬜️ Ignored (Inspect)	Visit Preview		Jun 25, 2024 10:15am

[github-actions]

📦 Next.js Bundle Analysis for web

This analysis was generated by the Next.js Bundle Analysis action. 🤖

This PR introduced no changes to the JavaScript bundle! 🙌

[sentry-io]

Suspect Issues

This pull request was deployed and Sentry observed the following issues:

• ‼️ HTTPStatusError: Client error '404 Not Found' for url 'https://discord.com/api/v10/guilds/1218730176297439332' polar.integrations.discord.endpoints.discord_gu... View Issue
• ‼️ RequestFailed: Response(401, data_model=<class 'githubkit.versions.v2022_11_28.models.group_0003.BasicError'>) polar.integrations.github.endpoints.install View Issue
• ‼️ RequestFailed: Response(403, data_model=<class 'githubkit.versions.v2022_11_28.models.group_0003.BasicError'>) polar.integrations.github.endpoints.github_call... View Issue
• ‼️ TypeError: object RedirectResponse can't be used in 'await' expression polar.integrations.stripe.endpoints.stripe_conn... View Issue
• ‼️ PrimaryRateLimitExceeded: (Response(403, data_model=typing.Any), datetime.timedelta(0)) polar.issue.endpoints.get_body View Issue

_{Did you find this useful? React with a 👍 or 👎}